Jump to content
Darkentik

Endpoint Security blocks Bacula Communication

Recommended Posts

Hello,

 

We in our company use Kaspersky Endpoint Security 10 (KES10) on our clients and the security center on our server to handle the clients.

For backup jobs we use Bacula on our backupserver to backup some data from our clients.

Now we have the following situation.

If we try to start a bacula job for a client where the KES10 is running, the bacula job doesn´t work.

If we stop the firewall module in KES10 at the client manually then the bacula job works fine.

For our clients we use policies at the security center.

We have add bacula to the trusted programs in the control rules for network activities but it doesn´t work.

 

Has anyone experience with the combination of KES10+bacula or the same problem with other programs?

We have slowly no ideas left... :blink:

 

best regards

David

Share this post


Link to post
No One any idea?

 

I would hit up bacula & see what firewall/antivirus exclusions are required & apply them.

Share this post


Link to post

I already know that bacula use the ports 9101,9102 and 9103. And i´ve give them access to work on network but that doesn´t matter.

Bacula doesn´t work...

Share this post


Link to post

It is truely bad that you have to do such tricky things...omg...i can´t believe this!

That shows how bad the KES10 is working...really guys that can´t be a real solution to stop the KES10 Firewall because in other way it will block other services where you don´t have any chance to learn KES10 to give this services access?!

How bad is this?!

There must be an other way.

Share this post


Link to post
Hello,

 

We in our company use Kaspersky Endpoint Security 10 (KES10) on our clients and the security center on our server to handle the clients.

For backup jobs we use Bacula on our backupserver to backup some data from our clients.

Now we have the following situation.

If we try to start a bacula job for a client where the KES10 is running, the bacula job doesn´t work.

If we stop the firewall module in KES10 at the client manually then the bacula job works fine.

For our clients we use policies at the security center.

We have add bacula to the trusted programs in the control rules for network activities but it doesn´t work.

 

Has anyone experience with the combination of KES10+bacula or the same problem with other programs?

We have slowly no ideas left... :blink:

 

best regards

David

 

 

Please submit your scenario through the company account with traces covering the issue with the Firewall enabled only:

 

[ http://support.kaspersky.com/faq/companyaccount_help.aspx ]

 

[ http://support.kaspersky.com/9343 ]

 

Thank you.

Share this post


Link to post

What do you see in bconsole when you try to run a backup job? Where does it stop (issue "auto mess on" in bconsole to see what's going on before running a job)?

Bacula client requires "allow incoming tcp:9102 from bacula-dir server", "allow outgoing tcp:9103 to bacula-sd server". In my case where dir and sd run on the same machine I define KAV-s rules as "Allow incoming(stream)..." and "Allow outgoing (stream)...".

Share this post


Link to post

Hi @aehrlich,

 

can u make screenshots for me how u have create ur rules in KAV?

I have already defined in the firewall modul that the traffic at the ports 9102 and 9103 are allowed.

Share this post


Link to post
Hi @aehrlich,

 

can u make screenshots for me how u have create ur rules in KAV?

I have already defined in the firewall modul that the traffic at the ports 9102 and 9103 are allowed.

Here you are, though I have Wks 6.0.4. What about bacula-dir messages? Have you double-checked that the firewall has correct bacula server(s)' hostname/IP in the rules?

post-37002-1369985921_thumb.jpg

Share this post


Link to post

You can also add "Allow outgoing tcp:9101 to bacula-dir server" as an extra (this is an equivalent to "stream" of 9102 backup-dir rule, I guess), but it won't hurt anyway.

Share this post


Link to post

Here are some Screenshots to show what options we have in KSC 10.

Sry but the Screenshots are in german.

1. The way to the firewall modul:

post-471054-1369993798_thumb.png

 

2. search and add a programm to a security group

post-471054-1369993804_thumb.png

 

What i don´t know is, from where the KSC 10 get information to fill the list with these programms...because i don´t know why he has two times BACULA-FD.exe in the list... :huh:

Share this post


Link to post
It is truely bad that you have to do such tricky things...omg...i can´t believe this!

That shows how bad the KES10 is working...really guys that can´t be a real solution to stop the KES10 Firewall because in other way it will block other services where you don´t have any chance to learn KES10 to give this services access?!

How bad is this?!

There must be an other way.

 

 

Abra um chamado diretamente com analistas da Kaspersky Lab nesse link abaixo:

Para usar o CompanyAccount, basta acessar http://brazil.kaspersky.com/suporte/companyaccount

e criar uma conta usando a sua chave NFR. Os clientes também podem criar contas com as chaves adquiridas.

Share this post


Link to post
Abra um chamado diretamente com analistas da Kaspersky Lab nesse link abaixo:

Para usar o CompanyAccount, basta acessar http://brazil.kaspersky.com/suporte/companyaccount

e criar uma conta usando a sua chave NFR. Os clientes também podem criar contas com as chaves adquiridas.

 

@Alencar -- Network Secure

 

Remember this is the english forum

 

Regards

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.